-
Notifications
You must be signed in to change notification settings - Fork 27.5k
CORS access to $http response headers broken in Firefox -- consider workaround for bugzilla 608735 #1468
Comments
Some problem are solve in http://stackoverflow.com/questions/14188662/angularjs-and-apiary-io-cant-read-any-response-headers/ |
Lost an afternoon to this one. :( I looked into the angular source to see if I could patch a work around for the Firefox bug myself but came up empty. Created a plunk to illustrate the issue. http://plnkr.co/edit/hiTtKI Try it in webkit and firefox to see where firefox is coming up short. Unfortunately, it's kind of a show stopper for me. The API I'm targeting uses response headers to communicate pagination information (currentpage, totalpages....) |
The PR doesn't pass custom headers through because it's looping on a fixed set of headers. If you need custom headers included (I did), you'll need to manually extend the array in the angular.js file. simpleHeaders = ["Cache-Control", "Content-Language", "Content-Type", |
This bug was just fixed in FF. See bugzilla. I still think that we should include the workaround since it will take some time for the fix to propagate into the install base. |
A workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=608735 In FF getAllResponseHeaders() returns null if the request is the result of CORS. Tried to format the code so that when a FF patch is released and gains enough traction it can easily be selected and deleted. Heavily inspired by jQuery's patch for the same bug. This patch falls short of passing through custom headers but covers all of the "simple response headers" in the spec at http://www.w3.org/TR/cors/ This commit should get reverted once Firefox 21 gets out. Closes angular#1468 Conflicts: src/ng/httpBackend.js
How about custom header with firefox ? From the changes, I only can see simple header but not custom header. Is there any other patch regarding this ? Thanks |
@kkurni You'll have to add them manually (that's what I did). Could probably do this via new config option but I'm not clear on the guidelines there. |
Where do you add them? is that changing the code? I would love to add them in the config. Thanks Sent from my iPhone On 27/02/2013, at 5:59 AM, Will Moore [email protected] wrote: @kkurni https://github.com/kkurni You'll have to add them manually — |
@kkurni yep, it involves hacking on the source. This comment explains the how/where if you want to do it. #1468 (comment) |
According to http://www.w3.org/TR/cors/ 6.2 Preflight Request I think allowed headers should be set according to the response headers of Access-Control-Allow-Headers. |
android browser unable to retreive this custom header. Sent from my iPhone On 03/04/2013, at 7:29 PM, Ting Wang [email protected] wrote: According to http://www.w3.org/TR/cors/ 6.2 Preflight Request I think allowed headers should be set according to the response headers of — |
Mozilla has a long outstanding which causes
xhr.getAllResponseHeaders()
to be empty / missing so-called simple response headers for CORS requests. See https://bugzilla.mozilla.org/show_bug.cgi?id=608735 for details.Until this bug is fixed, I was hoping Angular could add a workaround for Firefox users and use
xhr.getResponseHeader()
instead.The text was updated successfully, but these errors were encountered: